Rights Management System for iOS Overview

The Rights Management System (RMS) enables you to share encrypted mails to protect the content that is shared over email when using Microsoft Mail Exchange server.

When enabled the sender can control the distribution of the content shared over the mail. A rights managed email message is used to protect email content from inappropriate access, use, and distribution.

A rights policy template specifies whether a user can edit, forward, reply, reply all, print, extract (copy), export (remove protection), or programmatically access the content in the rights-managed email message. List of RMS permissions is displayed in Email+ Settings/Troubleshooting/Available Permissions and is selected in New Mail Composer > lock button > Protect. Due to ActiveSync protocol limitations, maximum of 20 RMS permissions are displayed in Email+.

Every protected mail has additional cell in mail viewer below subject cell, that contains information about license that is template name and description.

The admin can apply the following options to secure mail exchange as indicated by the RightsManagementLicense element included in the response. The RightsManagementLicense include:

  • ContentExpiryDate - specifies the expiration date for the license (set to "9999-12-30T23:59:59.999Z" if the rights management license has no expiration date set).
  • ContentOwner - specifies the email address of the content owner.
  • EditAllowed - specifies if the content of the original email can be modified by the user when the user forwards, replies, or replies all to the email message.
  • ExportAllowed - specifies if the IRM protection on the e-mail message can be removed by the user. The user can remove the IRM protection of the original message’s content in the outgoing message when the user forwards, replies, or replies all to the original e-mail message;
  • ExtractAllowed - specifies if the user can copy content out of the e-mail message (the content of the e-mail message can be cut, copied, or a screen capture can be taken of the content).
  • ForwardAllowed - specifies if the user can forward the e-mail message.
  • ModifyRecipientsAllowed – specifies if the user can modify the recipient list.
  • Owner - value of true indicates that the authenticated user has owner rights on this message. This element is used for information presentation purposes only.
  • ProgrammaticAccessAllowed - specifies if the contents of the e mail message can be accessed programmatically by third party applications.
  • ReplyAllAllowed - specifies if the user can reply to all the recipients of the original e-mail message.
  • ReplyAllowed - specifies if the user can reply to the e-mail message.
  • TemplateDescription - This element is used for informational presentation purposes only.
  • TemplateID - It contains a string that identifies the rights policy template.
  • TemplateName - specifies the name of the rights policy template.

For more information on To create a new Azure information protection template, see Microsoft documentation

Setting permissions on an email

The permissions for email protection can be set on Email+ iOS app.

Setting permissions on Ivanti Email+ iOS app

Using the Email+ app to set email permissions.


1. In the Email+ app, click on the compose mail icon.
2. Click on the Lock icon, select Protect option.
3. Select the permission you want to apply from the list of Available Permissions to the mail.
4. Click Ok.

Result: The selected permission is applied to the mail.